Air Marshal. White Paper
- Morgan Wood
- 8 years ago
White Paper: Air Marshal
September 2013

This document discusses potential security threats in a WiFi environment, and outlines how enterprises can use a best-in-class Wireless Intrusion Prevention System (WIPS) such as Meraki's Air Marshal to create a secure network with preemptive protection policies and security alerts.
Table of Contents

- Introduction
- Wireless Threats
- Threat Remediation
- Configuration
- Conclusion

Copyright 2013 Cisco Systems, Inc. All rights reserved.
Trademarks: Meraki is a registered trademark of Cisco Systems, Inc.
Introduction

Wireless Security Threats in an Enterprise Environment

Secure WiFi access has become a critical component of enterprise networking. WiFi Internet access is critical for corporate communication in verticals including financial services, retail, and distributed enterprise. Due to the widespread use of WiFi and the variety of use cases (e.g., point-of-sale (POS) communications, corporate access, warehouse inventory, asset tracking, WiFi services for targeted advertising), the wealth of information transmitted across the wireless medium has skyrocketed. Data transmitted over wireless increasingly contains sensitive personal and financial data.

Unfortunately, the tremendous growth in wireless has been accompanied by increasingly widespread availability of open-source hacking tools that can compromise a wireless network through impersonation of client devices and access points. Examples of common threats in a modern WiFi environment include:

- Network impersonation: achievable by purchasing any consumer-grade access point and copying an SSID, tricking clients into thinking that this SSID is available and snooping on their information transactions.

[Figure 1: Example of SSID spoofing threat in a retail environment. Labels: legitimate SSID; malicious SSID; unsuspecting user connects to malicious SSID.]
- Wired network compromise: achieved by an unsuspecting employee or student plugging a consumer-grade access point into the wired infrastructure and exposing the LAN to hackers.

[Figure 2: Example of accidental wired LAN compromise in corporate environment. Labels: Internet; corporate network; unsuspecting employee plugs in home AP to create wireless access; user gains access to corporate LAN resources.]

To successfully protect an enterprise network, a Wireless Intrusion Prevention System (WIPS) should provide powerful wireless intrusion scanning capabilities, enabling detection and classification of different types of wireless threats, including rogue access points and wireless hackers. Access points can be put in either dedicated scanning mode or sensor mode for real-time intrusion detection and threat remediation. Additionally, a WIPS system should be configurable with intuitive auto-containment policies to facilitate pre-emptive action against rogue devices.

Once a threat has been detected, the WIPS platform should kick into gear to enact powerful policies, including intelligent auto-disablement of APs matching predefined criteria and generating different tiers of alarms based on the type of threat in your airspace.

In addition to protecting airspace against hackers with malicious intent, it is valuable to be able to mark or group high-value VIP wireless clients into a special category, where they can be tracked, to ensure they never leave the wireless network. Examples of VIP clients include high-value corporate assets: these devices belong to the organization and should never associate to a wireless network other than your own (e.g., corporate-issued laptops, point-of-sale registers or barcode scanners in a retail environment, etc.). These VIP clients should only associate to the corporate network. If they do stray to a foreign network, it would be classified as an accidental association.
The ability to detect and generate alerts when a VIP client strays over to a rogue infrastructure can be invaluable in security-conscious environments.

Cisco Meraki's Air Marshal mode allows network administrators to meet these requirements and design an airtight network architecture that provides an industry-leading WIPS platform in order to completely protect the airspace from wireless attacks.

The remainder of this document describes in greater depth the wireless threats and the security measures required to remediate them; the conclusion then summarizes the setup and configuration process for Meraki's Air Marshal WIPS platform in order to achieve the highest security protection possible.
Wireless Threats

Understanding the wireless airspace around you can help you take effective measures, both preventive and reactive, to ensure that the wireless airspace is secure and free from interference by other wireless networks. A number of different threats exist in the modern enterprise environment, facilitated by easy access to cheap consumer-grade equipment, along with open-source hacking tools that can be used to simulate and spoof devices and generate traffic floods. Leading enterprise WLAN providers such as Cisco provide built-in WIPS features to ensure detection and remediation against these threats.

Threat classifications

Visibility and classification of potential wireless threats is an important first step in securing the wireless network and network infrastructure as a whole. Once threats are classified, remediation can be taken against confirmed threats and innocuous alerts can be dismissed. Cisco Meraki Air Marshal automatically classifies threats into the following categories to provide the greatest visibility and overall protection for your network.

Rogue SSIDs

- SSID and AP spoofs: the malicious impersonation of a legitimate AP by either spoofing the SSID name or, even worse, the SSID name and the BSSID (the wireless MAC address, which makes it indistinguishable from the original AP).
- Rogue SSID seen on LAN: SSIDs that are broadcast by rogue APs and seen on the wired LAN; this could suggest compromise of the wired network.

Other SSIDs

- Interfering SSIDs: wireless networks that are broadcasting and could be causing RF interference, as well as attracting accidental associations from clients who are supposed to be connecting to your own network.
- Ad-Hoc SSIDs: modern smartphones and mobile devices are capable of associating to WiFi networks and then re-broadcasting the SSID, essentially acting as a wireless bridge. Devices in ad-hoc mode can connect to a client AP and create a gateway for wireless hackers.
Malicious Broadcasts

Denial of Service (DoS) attacks are attempts to prevent clients from associating to the legitimate AP by sending an excessive number of broadcast messages to clients. DoS attacks could be from malicious clients, APs, or even another WIPS system in the area that considers the corporate network a threat and is attempting to remediate.

Packet Floods

Clients or APs that are sending an excessive number of packets to your AP. Packets are monitored and classified based on multiple categories including beacon, authentication and association frames. An excessive number of any category of packets seen within a short time interval will be marked in Air Marshal as a packet flood.
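The per-category counting described under Packet Floods can be sketched as a sliding-window detector. This is an added example, not Meraki code: the window length, the thresholds and the frame records are assumptions constructed for illustration, since the paper gives no numbers.

```python
from collections import defaultdict, deque

# Assumed tuning values (the paper gives none): frames of one category from one
# source allowed inside the window before the source is marked as flooding.
WINDOW_MS = 1000
THRESHOLD = {"beacon": 50, "authentication": 20, "association": 20}


def detect_floods(frames, window_ms=WINDOW_MS, threshold=THRESHOLD):
    """Return [(source_mac, category, alert_time_ms)] for flooding sources.

    frames: iterable of (timestamp_ms, source_mac, category), sorted by time.
    Each (source, category) pair is reported once, at the first frame that
    pushes its count inside the sliding window above the threshold.
    """
    recent = defaultdict(deque)  # (source, category) -> timestamps in window
    alerted = set()
    alerts = []
    for ts, src, category in frames:
        if category not in threshold:
            continue  # other frame categories are outside this check
        key = (src.lower(), category)
        window = recent[key]
        window.append(ts)
        # Forget frames that are older than the window.
        while ts - window[0] > window_ms:
            window.popleft()
        if len(window) > threshold[category] and key not in alerted:
            alerted.add(key)
            alerts.append((key[0], category, ts))
    return alerts


def constructed_capture():
    """Constructed sample traffic: one normal AP, one flooder, one slow client."""
    frames = []
    # Normal AP: one beacon every 100 ms for 3 seconds.
    for i in range(30):
        frames.append((i * 100, "02:aa:00:00:00:01", "beacon"))
    # Flooding source: 40 authentication frames, 10 ms apart, starting at t=1000.
    for i in range(40):
        frames.append((1000 + i * 10, "02:EE:00:00:0F:01", "authentication"))
    # Slow client: 25 association frames, one per second (never bursts).
    for i in range(25):
        frames.append((i * 1000, "02:cc:00:00:00:10", "association"))
    frames.sort(key=lambda f: f[0])
    return frames


if __name__ == "__main__":
    for src, category, ts in detect_floods(constructed_capture()):
        print(f"{ts} ms: {category} flood from {src}")
```

Counting per source and per category keeps a busy but legitimate AP's beacons from masking a burst of authentication frames from another device.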
Client Straying Threats

Accidental associations: client devices that belong to your infrastructure associating to a wireless network in your airspace that has not been sanctioned by your corporation. Straying clients could accidentally connect to Rogue SSIDs or spoofed SSIDs if proper action is not taken to protect the wireless airspace.

[Figure 3: Security threats in an enterprise environment. Panels: Site A and Site B. Callouts: rogue APs on the wired LAN can compromise your entire wired and wireless network; accidental association (high-value asset associations to wrong network); devices in ad-hoc mode can connect to a client AP and create a gateway for wireless hackers.]

PCI Compliance

Understanding and remediating wireless threats is also a requirement under the Payment Card Industry Data Security Standard (PCI DSS), a standard that retailers are required to follow when processing credit card data over WLAN networks. Examples of WIPS requirements under PCI DSS include:

- Section Physical Security: Restrict physical access to known wireless devices.
- Section Wireless Logs: Archive wireless access centrally using a WIPS for 1 year.
- Section 11.1 Quarterly Wireless Scan: Scan all sites with cardholder data environments (CDE) whether or not they have known WLAN APs in the CDE. Sampling of sites is not allowed. A WIPS is recommended for large organizations since it is not possible to manually scan or conduct a walk-around wireless security audit of all sites on a quarterly basis.
- Section 11.4 Monitor Alerts: Enable automatic WIPS alerts to instantly notify personnel of rogue devices and unauthorized wireless connections into the CDE.
- Section 12.9 Eliminate Threats: Prepare an incident response plan to monitor and respond to alerts from the WIPS. Enable automatic containment mechanism on WIPS to block rogues and unauthorized wireless connections.
Threat Remediation using Meraki's Air Marshal WIPS platform

A careful study of the common wireless security threats has led to the development of Meraki's Air Marshal platform, which allows access points to be turned into dedicated WIPS sensors called Air Marshal APs. Air Marshal is a WIPS platform which comes equipped with security alerting and threat remediation mechanisms. This includes the following:

a. Monitoring and alerting: a robust and intuitive display of all of the threats for a particular network, including auto-alerting based on the network administrator's preferences. Monitoring techniques include:

   i. Rogue AP monitoring: Meraki APs scan across all 2.4 GHz and 5 GHz channels to build a list of rogue access points in the nearby vicinity. In addition, further mechanisms are in place to track APs on the wired LAN network by inspecting traffic on the wired port of the Meraki AP, and using this to build a list of rogue APs that may be on the wired LAN. Alerts will be triggered and sent based on parameters predefined by the network admin.

   ii. Tracking client straying of VIP clients: Air Marshal allows tagging of VIP clients, and an alert is sent if those clients connect to an unsanctioned SSID. Air Marshal does this by monitoring traffic with the source MAC address of the VIP clients. Wireless devices communicate with three types of frames: management frames are used during the probing and association process, while control and data frames are used when the client is actually connected. If Air Marshal sees data frames originating from VIP clients which are not connected to the corporate wireless network, an alert can be sent to administrators for remediation.

[Figure 4: Tracking accidental associations. Steps: client accidentally associates to rogue AP; Air Marshal AP detects data frames exchanged; alert sent to network administrator.]

b. Remediation mechanisms: Air Marshal APs come equipped with the ability to automatically contain rogue APs and alert on rogue APs and accidental associations, allowing administrators to take physical action to remove rogue APs and recover straying devices.
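The two monitoring techniques above, together with the threat categories listed under Threat classifications, can be modelled over a sensor's observations as follows. This is an added example, not Meraki's implementation: the network inventory, the record types, the label strings and the sample observations are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory of "our" network (assumption for this example).
OWN_SSIDS = {"AcmeCorp"}
OWN_BSSIDS = {"02:aa:00:00:00:01", "02:aa:00:00:00:02"}
VIP_CLIENTS = {"02:cc:00:00:00:10": "POS register 4"}  # tagged VIP client MACs


@dataclass(frozen=True)
class SeenAP:
    ssid: str
    bssid: str
    on_wired_lan: bool = False  # its traffic was also seen on the sensor's wired port
    ad_hoc: bool = False


@dataclass(frozen=True)
class Frame:
    kind: str   # "management", "control" or "data"
    src: str    # transmitter MAC
    bssid: str  # BSSID the frame belongs to


def classify_ap(ap):
    """Map one observed AP to a category from the paper's list.

    An impostor that copies both SSID and BSSID looks like "own" here; as the
    paper notes, it is indistinguishable at this level of observation.
    """
    if ap.bssid.lower() in OWN_BSSIDS:
        return "own"
    if ap.ssid in OWN_SSIDS:
        return "rogue: SSID spoof"
    if ap.on_wired_lan:
        return "rogue: seen on LAN"
    if ap.ad_hoc:
        return "other: ad-hoc"
    return "other: interfering"


def straying_alerts(frames, seen_aps):
    """Return [(client_name, foreign_bssid, ap_category)] for VIP clients.

    Only data frames count: management frames appear while a client is merely
    probing, so they do not show that it is connected to the foreign network.
    """
    labels = {ap.bssid.lower(): classify_ap(ap) for ap in seen_aps}
    alerts, reported = [], set()
    for f in frames:
        src, bssid = f.src.lower(), f.bssid.lower()
        if f.kind != "data" or src not in VIP_CLIENTS:
            continue
        if bssid in OWN_BSSIDS or (src, bssid) in reported:
            continue
        reported.add((src, bssid))
        alerts.append((VIP_CLIENTS[src], bssid, labels.get(bssid, "unclassified")))
    return alerts


# Constructed observations from one scanning sensor.
SAMPLE_APS = [
    SeenAP("AcmeCorp", "02:aa:00:00:00:01"),
    SeenAP("AcmeCorp", "02:bb:00:00:00:66"),
    SeenAP("linksys", "02:bb:00:00:00:77", on_wired_lan=True),
    SeenAP("CoffeeShop", "02:bb:00:00:00:88"),
    SeenAP("Phone hotspot", "02:bb:00:00:00:99", ad_hoc=True),
]
SAMPLE_FRAMES = [
    Frame("management", "02:cc:00:00:00:10", "02:bb:00:00:00:88"),  # probing only
    Frame("data", "02:cc:00:00:00:10", "02:aa:00:00:00:01"),        # on own AP
    Frame("data", "02:CC:00:00:00:10", "02:bb:00:00:00:66"),        # strayed
    Frame("data", "02:cc:00:00:00:10", "02:bb:00:00:00:66"),        # duplicate
    Frame("data", "02:dd:00:00:00:20", "02:bb:00:00:00:88"),        # not a VIP
]

if __name__ == "__main__":
    for ap in SAMPLE_APS:
        print(f"{ap.ssid:14} {ap.bssid}  {classify_ap(ap)}")
    for name, bssid, label in straying_alerts(SAMPLE_FRAMES, SAMPLE_APS):
        print(f"ALERT: {name} is exchanging data with {bssid} ({label})")
```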
What is containment?

Containment is a common mechanism that calls for the Air Marshal AP to impersonate or spoof the rogue AP in order to render it ineffective. Air Marshal does this by generating a large number of packets and using the BSSID of the rogue AP as the source MAC address. Air Marshal APs also provide more sophisticated containment methods, including spoofing clients attempting to associate to the rogue by generating packets with the source MAC of the clients; this allows for a two-way spoof and ensures a fool-proof shutdown of the rogue AP.

Packet types generated by WIPS during containment:

1. Broadcast deauthorizations with source = Rogue AP, destination = broadcast
2. Deauthorization messages with source = Rogue AP, destination MAC = client
3. Deauthorization and disassociate messages with source = client, destination = Rogue AP

#3 ensures that more sophisticated clients with battery-saving capabilities are also unable to connect to the rogue, as they may ignore deauthorization messages from the Rogue AP if they are sleeping in order to save battery life.

[Figure 5. Rogue AP Containment explained. The Air Marshal AP sends the three packet types: 1. rogue AP sending broadcast deauthorizations; 2. rogue AP deauthorizing client; 3. client deauthorizing rogue AP. The client thinks the rogue AP is forcing deauthorization; the rogue AP thinks the client is requesting deauthorization.]

As containment renders any standard network completely ineffective, extreme caution should be taken to ensure that containment is not being performed on a legitimate network nearby, and action should only be taken as a last resort. Please see the Cisco Guidance Note on de-authentication technology for more information.
[Figure 6 - Example of containment technique: deauthentication packet. Callouts: iPhone client accidentally associating to rogue AP; packet type is deauthentication, source is rogue AP and destination is client; repeated deauthentications sent within a short time period; dummy packet is generated by our WIPS sensor and looks like it came from the rogue AP.]
Configuring Meraki's Air Marshal WIPS platform

Dual-radio Meraki APs will run wireless scans opportunistically while also serving clients; this means they will scan the channel on which they are serving clients. It is possible to schedule mandatory scans to be run at pre-specified time intervals that can be set as frequently as once a day. For users requiring more accurate and real-time wireless threat assessments, it is possible to place an AP in Air Marshal mode.

While acting as an Air Marshal, an AP will use its radios as dedicated scanners to monitor its surrounding environment in real-time. For the dual-radio APs, this includes both the 2.4 GHz and 5 GHz frequencies. Newer Meraki APs include a third radio which comes pre-configured for permanent Air Marshal scanning. These APs do not require any Air Marshal configuration and will scan and remediate against threats in real-time.

Air Marshal mode can be switched on by selecting the relevant APs on the Access Points page. By clicking the relevant AP and selecting On under the Air Marshal scanning section, it is possible to designate this AP as a dedicated WIPS scanner. This Air Marshal AP will now be a dedicated sensor performing scans of the surrounding environment for threats, the results of which will be displayed on the WIPS page in real-time.

A note on hybrid vs. dedicated scanners

APs with two radios running in client-serving mode will only scan the airspace opportunistically; this means they will scan the client-serving channel in real-time, and will scan across all channels either once a day or when no clients are being served. Most WLAN vendors recommend having dedicated scanning sensors (with no clients being served) in security-conscious environments, to ensure real-time security alerting and protection.
Some vendors offer time slicing which allows cross-channel scans while serving clients, but this sacrifices performance of latency-sensitive applications such as VoIP and is generally not recommended in the industry. For this reason, Meraki recommends placing an AP in dedicated Air Marshal mode (or utilizing newer 3-radio APs) for real-time scanning.

[Figure 7 - Configuring Air Marshal APs on the Wireless > Access points page. Callouts: select an AP and tag it airmarshal; 3-radio APs come pre-equipped with Air Marshal radio; shield icon indicates Air Marshal status.]
[Figure 8 - Monitoring Air Marshal page. Callouts: configure LAN containment; outlines number of APs in Air Marshal mode and with 3rd scanning radio; specify exact or keyword matches; manual containment / whitelist; add data on rogues (VLAN, manufacturer, wired/wireless MAC, RSSI, encryption type).]

On the Wireless > Air Marshal page, a number of manual actions or automated policies can be set as a response to the detection of certain types of wireless threats based on administrator preferences:

1. Manual rogue containment: when choosing to contain a rogue SSID, the Meraki AP will perform containment (as described in the Threat Remediation section of this document) to render the rogue AP ineffective. Certain rogue SSIDs known as friendly APs can also be whitelisted to avoid confusion in the future.

2. Automated LAN and Keyword Containment: automated policies can also be set to contain rogues seen on the wired network, as well as rogue APs matching a certain keyword. For example, if Acme is specified as a keyword and a Rogue SSID begins broadcasting an SSID named AcmeCorp, it will automatically be contained and clients will not be able to associate with it. This can be helpful in detecting people who are trying to copy the network with similar names and trick clients into associating with their own AP.

3. Mandatory scan schedule: set the time and days of the week when non-Air Marshal APs should scan all channels to ensure daily scanning.

4. On the Wireless > Group policies page, a special policy can be created to track accidental associations by VIP clients; simply select the track clients straying policy attribute and save the policy. The policy can then be applied to specific clients on the Clients page, and devices can also be pre-staged with their MAC addresses to have this policy automatically applied upon association by using the Add devices function on the page.
[Figure 9 - Creating a Client tracking group policy. Callout: create and apply a group policy to track specific clients.]

5. Generic alerts for Rogue APs can be set on the Alerts and Administration page, allowing administrators to receive automatic alerts when rogue APs are detected that either match specified keywords or are seen to be on the wired LAN.

Creating a WIPS response plan

By configuring alerts and utilizing Meraki's Air Marshal view to monitor these threats retroactively and in real-time, it is possible to build a robust security plan that can be enforced. An example of a complete security methodology is as follows:

1. Create a WIPS plan as per your company's security policies
   (i) Configure mandatory scanning intervals or designate APs to run in Air Marshal mode
   (ii) Configure auto-containment policies for rogue SSID keyword matches or rogues on the wired LAN
   (iii) Configure client straying policies to track batches of VIP clients
   (iv) Configure WIPS alerts

2. Proactive monitoring of Air Marshal
   (i) Visit the Air Marshal page weekly or quarterly and mark known rogues as whitelisted, contain dangerous rogues
   (ii) Physically contain rogues that may be a threat

3. Reactive monitoring of Air Marshal alerts
   (i) Receive alert and react accordingly (set containment, find and contain rogue, etc.).
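Before enabling the automated LAN and keyword containment policies from the configuration list above, a proposed policy can be reviewed offline against the SSIDs already seen in the airspace. This is an added example, not Dashboard behaviour: the policy model, the case-insensitive substring matching, the whitelist-first ordering and the sample rogue list are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ContainmentPolicy:
    contain_on_lan: bool = False                   # contain rogues seen on the wired LAN
    keywords: list = field(default_factory=list)   # SSID contains this text
    exact: list = field(default_factory=list)      # SSID equals this text
    whitelist: set = field(default_factory=set)    # BSSIDs of known friendly APs


def decide(policy, ssid, bssid, on_wired_lan):
    """Return (action, reason) for one rogue observation.

    Assumed evaluation order: whitelist first, then LAN containment, then
    exact and keyword SSID matches. Matching is case-insensitive here.
    """
    if bssid.lower() in policy.whitelist:
        return ("allow", "whitelisted")
    if policy.contain_on_lan and on_wired_lan:
        return ("contain", "seen on wired LAN")
    name = ssid.casefold()
    for text in policy.exact:
        if name == text.casefold():
            return ("contain", f"exact match '{text}'")
    for text in policy.keywords:
        if text.casefold() in name:
            return ("contain", f"keyword match '{text}'")
    return ("monitor", "no policy matched")


def dry_run(policy, rogues):
    """Evaluate every (ssid, bssid, on_wired_lan) row without acting on it."""
    return [(ssid, *decide(policy, ssid, bssid, lan)) for ssid, bssid, lan in rogues]


# Constructed list of non-corporate SSIDs seen by the sensors.
SAMPLE_ROGUES = [
    ("AcmeCorp", "02:bb:00:00:00:66", False),           # copy of the corporate SSID
    ("Acme Dental Guest", "02:bb:00:00:00:70", False),  # unrelated neighbouring business
    ("acme-lab", "02:bb:00:00:00:71", False),           # friendly AP, whitelisted below
    ("linksys", "02:bb:00:00:00:77", True),             # plugged into the wired LAN
    ("CoffeeShop", "02:bb:00:00:00:88", False),
]

KEYWORD_POLICY = ContainmentPolicy(
    contain_on_lan=True, keywords=["Acme"], whitelist={"02:bb:00:00:00:71"}
)
EXACT_POLICY = ContainmentPolicy(contain_on_lan=True, exact=["AcmeCorp"])

if __name__ == "__main__":
    for label, policy in (("keyword", KEYWORD_POLICY), ("exact", EXACT_POLICY)):
        print(f"--- {label} policy ---")
        for ssid, action, reason in dry_run(policy, SAMPLE_ROGUES):
            print(f"{ssid:18} {action:8} {reason}")
```

In the constructed data the keyword policy would also contain the neighbouring "Acme Dental Guest" network, the kind of legitimate nearby network the paper's note on containment says to check for; the exact-match policy leaves it monitored.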
Conclusion

By understanding the spectrum of wireless security threats in today's environment and creating a comprehensive response plan, network administrators can preclude the possibility of a serious compromise of critical network assets, including access to secure network devices that belong to the enterprise. A best-in-class WIPS platform should be capable of delivering intuitive reporting and monitoring, along with a robust suite of tools allowing for automatic alerts and security enforcement.

Meraki's Air Marshal system includes real-time detection, remediation and alerting capabilities, including the ability to define pre-emptive policies that will intelligently take action to contain rogue APs using sophisticated containment mechanisms. Meraki's wireless portfolio contains both dual-radio APs which can be converted into full-time sensors running in Air Marshal mode, and three-radio APs with dedicated scanning radios permanently running as Air Marshal scanners.

By utilizing Meraki access points and Meraki's intuitive web-based Dashboard interface, network administrators can create a robust WIPS policy plan, and easily deploy an airtight network to deliver enterprise-grade security in a WLAN environment.
Integrated Health Systems Enterprise Wireless LAN Security for Long Term Care Integrated Systems, Inc. (866) 602-6100 Enterprise Wireless LAN Security This paper describes the challenges today s healthcare
More informationDedicated Air Monitors? You Decide.
Tech Brief Enterprise Dedicated Air Monitors? You Decide. Introduction Aruba customers commonly ask: Do I need dedicated air monitors in an Aruba deployment, or can I get by with just access points? The
More informationWireless Security Strategies for 802.11ac and the Internet of Things
339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2014 AirTight Networks, Inc. All rights reserved. The Internet of Things is a double-edged sword. While it confers many
More informationIndustrial Communication. Securing Industrial Wireless
Industrial Communication Whitepaper Securing Industrial Wireless Contents Introduction... 3 Wireless Applications... 4 Potential Threats... 5 Denial of Service... 5 Eavesdropping... 5 Rogue Access Point...
More informationCisco Adaptive Wireless Intrusion Prevention System
Cisco Adaptive Wireless Intrusion Prevention System Product Overview The wireless spectrum is a new frontier for many IT organizations. Like any other networking medium, the wireless spectrum must be properly
More informationUnited States Trustee Program s Wireless LAN Security Checklist
United States Trustee Program s Wireless LAN Security Checklist In support of a standing trustee s proposed implementation of Wireless Access Points (WAP) in ' 341 meeting rooms and courtrooms, the following
More informationADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3
ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 TO THE Overview EXHIBIT T to Amendment No. 60 Secure Wireless Network Services are based on the IEEE 802.11 set of standards and meet the Commonwealth of Virginia
More informationNXC5500/2500. Application Note. 802.11w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015
NXC5500/2500 Version 4.20 Edition 2, 02/2015 Application Note 802.11w Management Frame Protection Copyright 2015 ZyXEL Communications Corporation 802.11w Management Frame Protection Introduction IEEE 802.11w
More informationWireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com
Wireless Security Overview Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Ground Setting Three Basics Availability Authenticity Confidentiality Challenge
More informationMeraki Wireless Solution Comparison
Meraki Wireless Solution Comparison Why Meraki? Simplified cloud management Intuitive interface allows devices to be configured in minutes without training or dedicated staff Centrally manage thousands
More informationPREVENTING WIRELESS LAN DENIAL OF SERVICE ATTACKS
PREVENTING WIRELESS LAN DENIAL OF SERVICE ATTACKS A Guide to combating WLAN DoS Vulnerabilities Executive Summary Wireless communications that use a shared Radio Frequency (RF) medium are often vulnerable
More informationDESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland kamcderm@cisco.com
DESIGNING AND DEPLOYING SECURE WIRELESS LANS Karl McDermott Cisco Systems Ireland kamcderm@cisco.com 1 Agenda Wireless LAN Security Overview WLAN Security Authentication and Encryption Radio Monitoring
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationWHITE PAPER. TIRED OF ROGUES? Solutions for Detecting and Eliminating Rogue Wireless Networks
WHITE PAPER TIRED OF ROGUES? Solutions for Detecting and Eliminating Rogue Wireless Networks Tired of Rogues? : Solutions for Detecting and Eliminating Rogue Wireless Networks This paper provides an overview
More informationUnderstanding WiFi Security Vulnerabilities and Solutions. Dr. Hemant Chaskar Director of Technology AirTight Networks
Understanding WiFi Security Vulnerabilities and Solutions Dr. Hemant Chaskar Director of Technology AirTight Networks WiFi Proliferation Global WiFi Radio Chipset Sales 387 307 Millions 120 200 2005 2006
More informationDeploy WiFi Quickly and Easily
Deploy WiFi Quickly and Easily Table of Contents 3 Introduction 3 The Backhaul Challenge 4 Effortless WiFi Access 4 Rate Limiting 5 Traffic Filtering 5 Channel Selection 5 Enhanced Roaming 6 Connecting
More informationMeraki as Cisco Cloud Services Manage your network Where ever you are!
Meraki as Cisco Cloud Services Manage your network Where ever you are! Marketing/Technical description for services Scope of the Service Cloud services can deliver big technology benefits to midsized and
More informationWireless Vulnerability Assessment For: ABC
AIRTIGHT NETWORKS REPORTS Wireless Vulnerability Assessment For: ABC From: Apr 17, 2008 12:55 PM To: Apr 17, 2008 4:55 PM Location: \\ABC Corp A Report by AirTight Networks, Inc. 339 N. Bernardo Avenue,
More informationOverlay vs. Integrated Wireless Security The pros and cons of different approaches to wireless intrusion prevention
Whitepaper Overlay vs. Integrated Wireless Security The pros and cons of different approaches to wireless intrusion prevention There are a few different ways to deploy monitoring systems that scan the
More informationDeploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.
Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted
More informationMSC-131. Design and Deploy AirDefense Solutions Exam. http://www.examskey.com/msc-131.html
Motorola MSC-131 Design and Deploy AirDefense Solutions Exam TYPE: DEMO http://www.examskey.com/msc-131.html Examskey Motorola MSC-131 exam demo product is here for you to test the quality of the product.
More informationThe University of New Hampshire ~ InterOperability Laboratory 2005. Voice Over IP and Wireless Data Coexistence in a WLAN Switch Deployment
Voice Over IP and Wireless Data Coexistence in a WLAN Switch Deployment Introduction Wireless technology is becoming increasingly integrated into the world s networks. Recent innovations, such as offloading
More informationHP RF Manager Release 6.0.177
5998 3768 v6.0.177 HP RF Manager Release 6.0.177 Release Notes www.hp.com/networking Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without
More informationManaging IT Security with Penetration Testing
Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to
More informationD-View 7 Network Management System
Product Highlights Comprehensive Management Manage your network effectively with useful tools and features such as Batch Configuration, SNMP, and Flexible command Line Dispatch Hassle-Free Network Management
More informationRobust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been
Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been difficult and time-consuming. This paper describes the security
More informationRecommended 802.11 Wireless Local Area Network Architecture
NATIONAL SECURITY AGENCY Ft. George G. Meade, MD I332-008R-2005 Dated: 23 September 2005 Network Hardware Analysis and Evaluation Division Systems and Network Attack Center Recommended 802.11 Wireless
More informationIknaia Asset and Personnel Tracking Management System for the Construction Industry
Iknaia Asset and Personnel Tracking Management System for the Construction Industry Introduction The UK construction industry accounts for over 7%* of the UK s Gross Domestic Product and employs over two
More informationHP Networking Mobility Security IDS/IPS Series
HP Networking Mobility Security IDS/IPS Series Data sheet Product overview HP RF Manager provides detection and prevention of wireless threats with automated policy-based security and location-tracking
More informationMeraki: Introduction to Cloud Networking
Meraki: Introduction to Cloud Networking April 30, 2014 Sharif Kotb Meraki Business Manager KSA, UAE, Turkey, & Qatar Agenda About Cisco s Cloud Managed Networking Cloud Architecture Solution Overview
More informationSecure the air for Payment Card Industry Data Security Standard 2.0 compliance
Secure the air for Payment Card Industry Data Security Standard 2.0 compliance Table of Contents Retail security threats are rising 3 A quick PCI 2.0 refresher 3 Mitigate risks with PCI DSS 2.0 4 Specific
More informationHow To Secure Your Store Data With Fortinet
Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the
More informationThe Wireless Network Road Trip
The Wireless Network Road Trip The Association Process To begin, you need a network. This lecture uses the common logical topology seen in Figure 9-1. As you can see, multiple wireless clients are in
More informationAn Intelligent Solution for the Mobile Enterprise
An Intelligent Solution for the Mobile Enterprise IntelliGO - An Intelligent Solution for the Mobile Enterprise BYOD and the mobile movement continue to gain momentum fueled by the explosive growth of
More informationVirtual Access Points
Virtual Access Points Performance Impacts in an 802.11 environment and Alternative Solutions to overcome the problems By Thenu Kittappa Engineer Author: Thenu Kittappa Page 1 Virtual Access Points... 1
More informationThe ArubaOS Spectrum Analyzer Module
Tech Brief Enterprise The ArubaOS Spectrum Analyzer Module The ArubaOS Spectrum Analyzer Module Tech Brief Table of Contents Introduction... 2 Visibility into the non-802.11 Spectrum... 2 Features... 3
More informationNetwork Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion
Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann
More information2014 Cisco and/or its affiliates. All rights reserved.
2014 Cisco and/or its affiliates. All rights reserved. Cisco Meraki: a complete cloud-managed networking solution - Wireless, switching, security, and MDM, centrally managed over the web - Built from the
More informationCisco Unified Wireless Network Solution Positioning for the New PCI DSS Wireless Guideline
Cisco Unified Wireless Network Solution Positioning for the New PCI DSS Wireless Guideline This document directly addresses the recommendations listed in the Information Supplement: PCI DSS Wireless Guideline.
More informationIntegrating Wired IDS with Wi-Fi Using Open-Source IDS to Complement a Wireless IDS/IPS Deployment
Integrating Wired IDS with Wi-Fi Using Open-Source IDS to Complement a Wireless IDS/IPS Deployment Table of Contents Introduction 3 Limitations in WIDS monitoring 3 Monitoring weaknesses 3 Traffic analysis
More informationHow To Use An Ipad Wireless Network (Wi Fi) With An Ipa (Wired) And An Ipat (Wired Wireless) Network (Wired Wired) At The Same Time
IdentiFiTM IDENTIFI Experience Matters IdentiFi wired-like Wi-Fi experience for the wireless world Extreme Networks IdentiFi is a purpose-built Wi-Fi solution that provides a wiredlike Wireless Local Area
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationHole196 Vulnerability in WPA2
Hole196 Vulnerability in WPA2 1 Hole196 Vulnerability in WPA2 Presenters: Anthony Paladino, Managing Director, Systems Engineering Dr. Kaustubh Phanse, Principal Wireless Architect Md. Sohail Ahmad, Senior
More informationLessons in Wireless for K-12 Schools
White Paper Education Lessons in Wireless for K-12 Schools Don Reckles Introduction The Growing Need for the Network Primary and secondary (K-12) educational institutions are increasingly turning to computer
More informationLegacy 802.11 Security
Legacy 802.11 Security Contents Authentication Open System Authentication Shared Key Authentication Wired Equivalent Privacy (WEP) Encryption Virtual Private Networks (VPNs) Point-to-Point Tunneling Protocol
More informationTOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series
TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE ebook Series 2 Headlines have been written, fines have been issued and companies around the world have been challenged to find the resources, time and capital
More informationConfiguration Guide for RFMS 3.0 Initial Configuration. WiNG How-To Guide. Wireless IDS. January 2009 Revision A
Configuration Guide for RFMS 3.0 Initial Configuration XXX-XXXXXX-XX WiNG How-To Guide Wireless IDS January 2009 Revision A MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security Objectives Overview of IEEE 802.11 wireless security Define vulnerabilities of Open System Authentication,
More information